AWS Velero
This Terraform module provides an easy way to create the cloud resources Velero requires (S3 and IAM) to back up Kubernetes objects and trigger volume snapshots.
Requirements
Name | Version |
---|---|
terraform | 0.15.4 |
aws | 3.37.0 |
Providers
Name | Version |
---|---|
aws | 3.37.0 |
Resources
Name | Type |
---|---|
aws_iam_access_key.velero_backup | resource |
aws_iam_policy.velero_backup | resource |
aws_iam_policy_attachment.velero_backup | resource |
aws_iam_role.velero_backup | resource |
aws_iam_role_policy_attachment.velero_backup | resource |
aws_iam_user.velero_backup_user | resource |
aws_s3_bucket.backup_bucket | resource |
aws_caller_identity.current | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
backup_bucket_name | Backup Bucket Name | string | n/a | yes |
oidc_provider_url | URL of OIDC issuer discovery document | string | "" | no |
tags | Custom tags to apply to resources | map(string) | {} | no |
Outputs
Name | Description |
---|---|
backup_storage_location | Velero Cloud BackupStorageLocation CRD |
cloud_credentials | Velero required file with credentials |
service_account | Velero ServiceAccount |
volume_snapshot_location | Velero Cloud VolumeSnapshotLocation CRD |
Usage
```hcl
module "velero" {
  source             = "../vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-staging-velero"

  tags = {
    "my-key" = "my-value"
  }
}
```
To use IAM Roles for Service Accounts (IRSA):
```hcl
data "aws_eks_cluster" "this" {
  name = "my-cluster-staging"
}

module "velero" {
  source             = "../vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-staging-velero"
  oidc_provider_url  = replace(data.aws_eks_cluster.this.identity[0].oidc[0].issuer, "https://", "")

  tags = {
    "my-key" = "my-value"
  }
}
```
For more information about using IAM Roles for Service Accounts to inject AWS credentials into Velero's pods, click here.
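IAM refers to an OIDC provider, and to its `sub` and `aud` condition keys, by issuer host and path without the scheme, which is the form `oidc_provider_url` takes in the usage above. The following is an added example, not this module's own code, of an IRSA trust policy that only one ServiceAccount can use; the namespace, ServiceAccount name, role name, resource names and the standard `aws` partition are assumptions.

```hcl
# Added example: namespace, ServiceAccount and role names are assumptions.
variable "oidc_provider_url" {
  type = string # EKS OIDC issuer without the https:// scheme
}
variable "velero_namespace" {
  type    = string
  default = "velero" # assumed namespace
}
variable "velero_service_account" {
  type    = string
  default = "velero" # assumed ServiceAccount name
}

data "aws_caller_identity" "current" {}

locals {
  # Provider ARN is built from the scheme-less issuer (assumes the "aws" partition).
  oidc_provider_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${var.oidc_provider_url}"
}

data "aws_iam_policy_document" "velero_irsa_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [local.oidc_provider_arn]
    }
    # Only tokens issued to this exact ServiceAccount may assume the role.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:sub"
      values   = ["system:serviceaccount:${var.velero_namespace}:${var.velero_service_account}"]
    }
    # Only tokens minted for STS are accepted.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "velero_irsa_example" {
  name               = "velero-irsa-example"
  assume_role_policy = data.aws_iam_policy_document.velero_irsa_trust.json
}
```

Without the `sub` condition, any pod in the cluster that can obtain a projected ServiceAccount token could assume the role and reach the backup bucket.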